Пример #1
0
        /// <summary>
        /// Initialise and add cookie based session hooks to the application pipeine
        /// </summary>
        /// <param name="applicationPipelines">Application pipelines</param>
        /// <param name="encryptionProvider">Encryption provider for encrypting cookies</param>
        /// <param name="passPhrase">Encryption pass phrase</param>
        /// <param name="salt">Encryption salt</param>
        /// <returns>Formatter selector for choosing a non-default formatter</returns>
        public static IFormatterSelector Enable(IApplicationPipelines applicationPipelines, IEncryptionProvider encryptionProvider, string passPhrase, string salt)
        {
            var sessionStore = new CookieBasedSessions(encryptionProvider, passPhrase, salt, new DefaultSessionObjectFormatter());

            applicationPipelines.BeforeRequest.AddItemToEndOfPipeline(ctx => LoadSession(ctx, sessionStore));
            applicationPipelines.AfterRequest.AddItemToEndOfPipeline(ctx => SaveSession(ctx, sessionStore));

            return sessionStore;
        }
Пример #2
0
        public CookieBasedSessionsFixture()
        {
            this.fakeEncryptionProvider = A.Fake<IEncryptionProvider>();
            this.fakeHmacProvider = A.Fake<IHmacProvider>();
            this.cookieStore = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, new Fakes.FakeSessionObjectFormatter());

            this.rijndaelEncryptionProvider = new RijndaelEncryptionProvider(new PassphraseKeyGenerator("password"));
            this.defaultHmacProvider = new DefaultHmacProvider(new PassphraseKeyGenerator("anotherpassword"));
        }
Пример #3
0
        public CookieBasedSessionsFixture()
        {
            this.fakeEncryptionProvider = A.Fake<IEncryptionProvider>();
            this.fakeHmacProvider = A.Fake<IHmacProvider>();
            this.cookieStore = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, new Fakes.FakeObjectSerializer());

            this.rijndaelEncryptionProvider = new RijndaelEncryptionProvider(new PassphraseKeyGenerator("password", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }, 1000));
            this.defaultHmacProvider = new DefaultHmacProvider(new PassphraseKeyGenerator("anotherpassword", new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }, 1000));
        }
Пример #4
0
        /// <summary>
        /// Initialise and add cookie based session hooks to the application pipeine
        /// </summary>
        /// <param name="applicationPipelines">Application pipelines</param>
        /// <param name="cryptographyConfiguration">Cryptography configuration</param>
        /// <returns>Formatter selector for choosing a non-default serializer</returns>
        public static IObjectSerializerSelector Enable(IApplicationPipelines applicationPipelines, CryptographyConfiguration cryptographyConfiguration)
        {
            var sessionStore = new CookieBasedSessions(cryptographyConfiguration.EncryptionProvider, cryptographyConfiguration.HmacProvider, new DefaultObjectSerializer());

            applicationPipelines.BeforeRequest.AddItemToEndOfPipeline(ctx => LoadSession(ctx, sessionStore));
            applicationPipelines.AfterRequest.AddItemToEndOfPipeline(ctx => SaveSession(ctx, sessionStore));

            return sessionStore;
        }
Пример #5
0
        /// <summary>
        /// Initialise and add cookie based session hooks to the application pipeline
        /// </summary>
        /// <param name="pipelines">Application pipelines</param>
        /// <param name="configuration">Cookie based sessions configuration.</param>
        /// <returns>Formatter selector for choosing a non-default serializer</returns>
        public static IObjectSerializerSelector Enable(IPipelines pipelines, CookieBasedSessionsConfiguration configuration)
        {
            if (pipelines == null)
            {
                throw new ArgumentNullException("pipelines");
            }

            var sessionStore = new CookieBasedSessions(configuration);

            pipelines.BeforeRequest.AddItemToStartOfPipeline(ctx => LoadSession(ctx, sessionStore));
            pipelines.AfterRequest.AddItemToEndOfPipeline(ctx => SaveSession(ctx, sessionStore));

            return sessionStore;
        }
        public void Should_load_valid_test_data()
        {
            var inputValue = ValidHmac + ValidData;
            inputValue = HttpUtility.UrlEncode(inputValue);
            var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
            var request = new Request("GET", "/", "http");
            request.Cookies.Add(store.CookieName, inputValue);

            var result = store.Load(request);

            result.Count.ShouldEqual(1);
            result.First().Value.ShouldBeOfType(typeof(DefaultSessionObjectFormatterFixture.Payload));
        }
        public void Should_be_able_to_load_an_object_previously_saved_to_session()
        {
            var response = new Response();
            var session = new Session(new Dictionary<string, object>());
            var payload = new DefaultSessionObjectFormatterFixture.Payload(27, true, "Test string");
            var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
            session["testObject"] = payload;
            store.Save(session, response);
            var request = new Request("GET", "/", "http");
            request.Cookies.Add(Helpers.HttpUtility.UrlEncode(response.Cookies.First().Name), Helpers.HttpUtility.UrlEncode(response.Cookies.First().Value));

            var result = store.Load(request);

            result["testObject"].ShouldEqual(payload);
        }
        public void Should_be_able_to_save_a_complex_object_to_session()
        {
            var response = new Response();
            var session = new Session(new Dictionary<string, object>());
            var payload = new DefaultSessionObjectFormatterFixture.Payload(27, true, "Test string");
            var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
            session["testObject"] = payload;

            store.Save(session, response);

            response.Cookies.Count.ShouldEqual(1);
            var cookie = response.Cookies.First();
            cookie.Name.ShouldEqual(store.CookieName);
            cookie.Value.ShouldNotBeNull();
            cookie.Value.ShouldNotBeEmpty();
        }
        public void Should_call_the_formatter_on_save()
        {
            var response = new Response();
            var session = new Session(new Dictionary<string, object>());
            session["key1"] = "value1";
            var fakeFormatter = A.Fake<IObjectSerializer>();
            var store = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, fakeFormatter);

            store.Save(session, response);

            A.CallTo(() => fakeFormatter.Serialize("value1")).MustHaveHappened(Repeated.Exactly.Once);
        }
        public void Should_call_formatter_on_load()
        {
            var fakeFormatter = A.Fake<IObjectSerializer>();
            A.CallTo(() => this.fakeEncryptionProvider.Decrypt("encryptedkey1=value1")).Returns("key1=value1;");
            var store = new CookieBasedSessions(this.fakeEncryptionProvider, this.fakeHmacProvider, fakeFormatter);
            var request = CreateRequest("encryptedkey1=value1", false);

            store.Load(request);

            A.CallTo(() => fakeFormatter.Deserialize("value1")).MustHaveHappened(Repeated.Exactly.Once);
        }
        public void Should_use_CookieName_when_config_provides_cookiename_value()
        {
            //Given
            var cryptoConfig = new CryptographyConfiguration(this.fakeEncryptionProvider, this.fakeHmacProvider);
            var storeConfig = new CookieBasedSessionsConfiguration(cryptoConfig)
            {
                CookieName = "NamedCookie",
                Serializer = this.fakeObjectSerializer
            };
            var store = new CookieBasedSessions(storeConfig);

            //When
            var response = new Response();
            var session = new Session(new Dictionary<string, object>
                                        {
                                            {"key1", "val1"},
                                        });
            session["key2"] = "val2";
            store.Save(session, response);

            //Then
            response.Cookies.ShouldHave(c => c.Name == storeConfig.CookieName);
        }
Пример #12
0
        public void Should_return_blank_session_if_hmac_changed()
        {
            var inputValue = "b" + ValidHmac.Substring(1) + ValidData;
            inputValue = HttpUtility.UrlEncode(inputValue);
            var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, new DefaultObjectSerializer());
            var request = new Request("GET", "/", "http");
            request.Cookies.Add(CookieBasedSessions.GetCookieName(), inputValue);

            var result = store.Load(request);

            result.Count.ShouldEqual(0);
        }
Пример #13
0
 /// <summary>
 /// Saves the request session into the response
 /// </summary>
 /// <param name="context">Nancy context</param>
 /// <param name="sessionStore">Session store</param>
 private static void SaveSession(NancyContext context, CookieBasedSessions sessionStore)
 {
     sessionStore.Save(context.Request.Session, context.Response);
 }
Пример #14
0
        /// <summary>
        /// Loads the request session
        /// </summary>
        /// <param name="context">Nancy context</param>
        /// <param name="sessionStore">Session store</param>
        /// <returns>Always returns null</returns>
        private static Response LoadSession(NancyContext context, CookieBasedSessions sessionStore)
        {
            if (context.Request == null)
            {
                return null;
            }

            context.Request.Session = sessionStore.Load(context.Request);

            return null;
        }
Пример #15
0
 /// <summary>
 /// Saves the request session into the response
 /// </summary>
 /// <param name="context">Nancy context</param>
 /// <param name="sessionStore">Session store</param>
 private static void SaveSession(NancyContext context, CookieBasedSessions sessionStore)
 {
     sessionStore.Save(context.Request.Session, context.Response);
 }
        public void Should_return_blank_session_if_encrypted_data_modified()
        {
            var inputValue = ValidHmac + ValidData.Substring(0, ValidData.Length - 1) + "Z";
            inputValue = HttpUtility.UrlEncode(inputValue);
            var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
            var request = new Request("GET", "/", "http");
            request.Cookies.Add(store.CookieName, inputValue);

            var result = store.Load(request);

            result.Count.ShouldEqual(0);
        }
        public void Should_return_blank_session_if_encrypted_data_are_invalid_but_contain_semicolon_when_decrypted()
        {
            var bogusEncrypted = this.rijndaelEncryptionProvider.Encrypt("foo;bar");
            var inputValue = ValidHmac + bogusEncrypted;
            inputValue = HttpUtility.UrlEncode(inputValue);
            var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
            var request = new Request("GET", "/", "http");
            request.Cookies.Add(store.CookieName, inputValue);

            var result = store.Load(request);

            result.Count.ShouldEqual(0);
        }
Пример #18
0
        public void Should_return_blank_session_if_hmac_missing()
        {
            var inputValue = ValidData;
            inputValue = HttpUtility.UrlEncode(inputValue);
            var store = new CookieBasedSessions(this.aesEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
            var request = new Request("GET", "/", "http");
            request.Cookies.Add(store.CookieName, inputValue);

            var result = store.Load(request);

            result.Count.ShouldEqual(0);
        }
        public void Should_set_Path_when_config_provides_path_value()
        {
            //Given
            var cryptoConfig = new CryptographyConfiguration(this.fakeEncryptionProvider, this.fakeHmacProvider);
            var storeConfig = new CookieBasedSessionsConfiguration(cryptoConfig)
            {
                Path = "/",
                Serializer = this.fakeObjectSerializer
            };
            var store = new CookieBasedSessions(storeConfig);

            //When
            var response = new Response();
            var session = new Session(new Dictionary<string, object>
                                          {
                                              {"key1", "val1"},
                                          });
            session["key2"] = "val2";
            store.Save(session, response);

            //Then
            var cookie = response.Cookies.First(c => c.Name == storeConfig.CookieName);
            cookie.Path.ShouldEqual(storeConfig.Path);
        }
        public void Should_load_an_empty_session_if_session_cookie_is_invalid()
        {
          //given
          var inputValue = ValidHmac.Substring(0, 5); //invalid Hmac
          inputValue = HttpUtility.UrlEncode(inputValue);
          var store = new CookieBasedSessions(this.rijndaelEncryptionProvider, this.defaultHmacProvider, this.defaultObjectSerializer);
          var request = new Request("GET", "/", "http");
          request.Cookies.Add(store.CookieName, inputValue);

          //when
          var result = store.Load(request);

          //then
          result.Count.ShouldEqual(0);
        }